Managing risk for multiple threats and/or multiple computer systems may be problematic. A large number of threats may exist. Each of these threats may place a certain profile of computer systems at risk. Additionally, each of these computer systems may use a different configuration that impacts the risk for each computer system. Furthermore, the list of threats and computer systems may be changing as new attacks are created, new solutions are implemented, and new configurations and applications are installed.